package com.lw.authorization.config;

import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

//自定义授权服务器
//@Configuration
//@EnableAuthorizationServer
public class InMemoryAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
     private  final PasswordEncoder passwordEncoder;
   // @Autowired
    public InMemoryAuthorizationServerConfig(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }
   // @Autowired
    private UserDetailsService userDetailsService;


    //要告知Spring Security OAuth2，我们的客户端信息在哪里 id secret scope redirect_uri grant_type
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients.inMemory().withClient("client")
                        .secret(passwordEncoder.encode("secret"))
                        .redirectUris("http://localhost:8080")
                        .authorizedGrantTypes("authorization_code","refresh_token")
                .scopes("read:user");
        System.out.println(passwordEncoder.encode("secret")+"************");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.userDetailsService(userDetailsService);
    }
}
// 1授权码路径： /oauth/authorize
//  http://localhost:8080/oauth/authorize?client_id=client&response_type=code&redirect_uri=http://localhost:8080
// 2获取token路径： /oauth/token
//  http://localhost:8080/oauth/token
//  client_id=client
//  client_secret=secret
//  grant_type=authorization_code
//  code=i755E9
//  redirect_uri=http://localhost:8080
//  携带client_id和client_secret，请求/oauth/token，获取token 必须是POST请求 参数：grant_type=authorization_code code=授权码 redirect_uri=回调地址
//3 刷新token路径： /oauth/token
//  http://localhost:8080/oauth/token
//  client_id=client
//  client_secret=secret
//  grant_type=refresh_token
//  refresh_token=刷新token
//  redirect_uri=http://localhost:8080
//  携带client_id和client_secret，请求/oauth/token，获取token 必须是POST请求 参数：grant_type=refresh_token refresh_token=刷新token